One of the biggest risks confronting companies is inadequate cyber security. It is much more than an IT issue; it is an enterprise-level risk management issue. With Work-From-Home being the norm at present, and a rise in the number of data breaches, cyber security has become a permanent item on the agendas of Risk Management Committees (RMCs) of forward-looking companies. A cyber security breach or attack has the potential to compromise the data and servers of a company, thereby adversely impacting its business. It could also result in severe reputational and legal consequences for the company.
As per SEBI LODR Regulation, 2015, the RMC is responsible for monitoring and reviewing activities relating to cyber security. Since most RMC members are not cyber experts, it is important for top management to ensure that it has experts in its team, or can access outside expertise, to take care of cyber security related aspects. RMC members must nevertheless exercise oversight of cyber security. Given its importance, cyber security should be on the agenda of the RMC at every quarterly meeting. In the absence of an RMC, the Audit Committee (AC) should perform this function.
Some possible questions relating to cyber security that RMC members should ask are:
Not all cyber security issues can be anticipated and planned for. This creates a continuing need to never lower one's guard and to stay alert at all times.